From 831639e080f7b8fbe75267960bc83fa9439e0819 Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Fri, 8 Jul 2022 11:11:55 -0400
Subject: Describe behavior on authority certs from the past or future.

---
 dir-spec.txt | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'dir-spec.txt')

diff --git a/dir-spec.txt b/dir-spec.txt
index 0de986f..9ae9368 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -1547,12 +1547,18 @@ Table of Contents
         The time (in UTC) when this document and corresponding key were
         last generated.
 
+        Implementations SHOULD reject certificates that are published
+        too far in the future, though they MAY tolerate some clock skew.
+
     "dir-key-expires" YYYY-MM-DD HH:MM:SS NL
 
         [Exactly once.]
 
         A time (in UTC) after which this key is no longer valid.
 
+        Implementations SHOULD reject expired certificates, though they
+        MAY tolerate some clock skew.
+
     "dir-signing-key" NL a key in PEM format
 
         [Exactly once.]
-- 
cgit v1.2.3-54-g00ecf